[Dshield] IH Policy for third party webhosts?
mrcorp at yahoo.com
Mon Mar 14 18:46:23 GMT 2005
Great question! I love these...
I start with SLAs (Service Level Agreements). These outline your expectations of the service you
are provided. For example, in this specific scenario, I would include notification of impact to
service, escalation process, etc.
Next, I would include a required audit by your folks in audit, or if a smaller org, by yourself.
Most third parties today understand this.
I also require third parties to have a certification of some sort, such as ISO or BS7799. This
is sometimes very difficult, but is very helpful when you know they meet specific requirements.
I do have some policy work on this as well that will be up on my site later this
week (www.infosecwriters.com). I also have a worksheet that I require to have completed when
evaluating vendors or service providers. I would be willing to share this, just contact me off
--- warwick ackfin <warwick7th at gmail.com> wrote:
> I have a situation where a client's website and web applications are
> hosted by a third party in another country. Recently they have
> experienced prolonged unscheduled downtime and the webhost is telling me
> that there was an attack of some sort but will not go into further
> This isn't your regular webhost and my client has a contract with
> certain expectations wired into it. Unfortunately, the contract is
> devoid of any incident handling measures expected of the webhost such
> as sharing of log information and attack characteristics.
> Has anyone out there found themselves in the same nightmarish
> predicament? If so, what types of things did you include in the
> I want to be mindful of the webhost's security posture and the need to
> protect their own perimeter. I know I can't ask for all the IDS /
> Firewall logs but I should be able to request grepped logs pertaining
> to my client's environment, right?
> ....and for the record...the idea of halting the SANS practicals is a
> very VERY bad one...